800-53|IA-5(11)

Title

HARDWARE TOKEN-BASED AUTHENTICATION

Description

The information system, for hardware token-based authentication, employs mechanisms that satisfy [Assignment: organization-defined token quality requirements].

Supplemental

Hardware token-based authentication typically refers to the use of PKI-based tokens, such as the U.S. Government Personal Identity Verification (PIV) card. Organizations define specific requirements for tokens, such as working with a particular PKI.

Reference Item Details

Category: IDENTIFICATION AND AUTHENTICATION

Parent Title: AUTHENTICATOR MANAGEMENT

Family: IDENTIFICATION AND AUTHENTICATION

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
5.7 Ensure multi-factor authentication is enable for users - enabledUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.7 Ensure multi-factor authentication is enable for users - moduleUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.7 Ensure multi-factor authentication is enable for users - removal actionUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.10 Ensure enable smartcard authentication is set to trueUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.18 Install an approved tokend for smartcard authenticationUnixCIS Apple OSX 10.9 L2 v1.3.0
5.19 Install an approved tokend for smartcard authenticationUnixCIS Apple OSX 10.11 El Capitan L2 v1.1.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.15 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.15 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.1.16 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.1.16 (BL) Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.1.16 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.3.11 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.3.11 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.3.11 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'WindowsCIS Windows 7 Workstation Bitlocker v3.2.0
18.9.11.3.15 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.3.15 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.3.15 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
18.9.11.3.16 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.11.3.16 (BL) Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.11.3.16 Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True'WindowsCIS Microsoft Windows 10 Enterprise (Release 1809) v1.6.1 BL
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Allow Smartcard AuthenticationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Disable Password Authentication for SSHUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enforce Multifactor Authentication for LoginUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enforce Multifactor Authentication for Privilege Escalation Through the sudo CommandUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate